exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2009-08-23 to 2009-08-24

CMS Aspect Web Design SQL Injection
Posted Aug 23, 2009
Authored by R3VAN_BASTARD | Site sux0r.net

CMS Aspect Web Design suffers from a remote SQL injection vulnerability in product_details.php.

tags | exploit, remote, web, php, sql injection
SHA-256 | 464d9d52f524f408573339caba9f680ce9f20e8b80ed6c603312852b880b03b6
ProShow Gold 4 Buffer Overflow
Posted Aug 23, 2009
Authored by corelanc0d3r

Photodex ProShow Gold version 4 universal buffer overflow exploit for XP SP3.

tags | exploit, overflow
SHA-256 | f90365be4611b3e2e19f4ebdef4091feeae51aa2855bb28233e11dff3df11805
FreeBSD 6.1 kqueue() NULL Pointer Dereference
Posted Aug 23, 2009
Authored by Przemyslaw Frasunek

FreeBSD versions 6.1 and below kqueue() NULL pointer dereference race condition local root exploit.

tags | exploit, local, root
systems | freebsd
SHA-256 | 1954132bfa966f8b2f00fbd93282630ff392c376db14de7c34bfa84008a1c31b
BSD setusercontext Vulnerabilities
Posted Aug 23, 2009
Authored by Kingcope

Various BSD derived operating systems suffer from various vulnerabilities due to the setusercontext() function.

tags | exploit, vulnerability
systems | bsd
SHA-256 | 2c3e7e83b2f80025efe09e3bbad5c78624d782ab98b8cb97ba294434a3188293
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
SHA-256 | fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
Adobe Flex 3.3 Cross Site Scripting
Posted Aug 23, 2009
Authored by Adam Bixby | Site gdssecurity.com

Adobe Flex versions 3.3 SDK suffers from a DOM-based cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 19e76a5fdee8f5a3cec432ecfb64d9d3567085717670c7c1135650fe4d2e853b
Ubuntu Security Notice 802-2
Posted Aug 23, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-802-2 - USN-802-1 fixed vulnerabilities in Apache. The upstream fix for CVE-2009-1891 introduced a regression that would cause Apache children to occasionally segfault when mod_deflate is used. This update fixes the problem. It was discovered that mod_proxy_http did not properly handle a large amount of streamed data when used as a reverse proxy. A remote attacker could exploit this and cause a denial of service via memory resource consumption. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. It was discovered that mod_deflate did not abort compressing large files when the connection was closed. A remote attacker could exploit this and cause a denial of service via CPU resource consumption.

tags | advisory, remote, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-1891
SHA-256 | 82e1048c58f6bb0269a91f5ef596b82cd31b537d10588dce4ebd63d94ab1528e
DUgallery 3.0 Authentication Bypass
Posted Aug 23, 2009
Authored by Spymeta

DUgallery version 3.0 suffers from a direct access administrative bypass vulnerability.

tags | exploit, bypass
SHA-256 | f229be20cbb39ab7cf30175f8cca2387d6355236e7ce81c4b0eaff50fd2829a3
Debian Linux Security Advisory 1869-1
Posted Aug 23, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1869-1 - It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.

tags | advisory, web
systems | linux, debian
advisories | CVE-2009-2417
SHA-256 | c45c48146168e478adfa63db5c46235df689797cd68f3563a28b197ba2668b26
Openwall Linux Kernel Patch
Posted Aug 23, 2009
Authored by Solar Designer | Site openwall.com

The Openwall Linux kernel patch is a collection of security hardening features for the Linux kernel which can stop most 'cookbook' buffer overflow exploits. The patch can also add more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing. Also tightens down file descriptors 0, 1, and 2, implements process limits and shared memory destruction.

Changes: Besides being an update to the 2.4.37.5 kernel release, this revision of the patch adds a fix for the sigaltstack local information leak affecting 64-bit kernel builds.)
tags | overflow, kernel
systems | linux
advisories | CVE-2009-2847
SHA-256 | b7b6877b1d7e4631f1bd26baae92087f511563b1a0c96034f9ac6c168a3ad3dd
Subdreamer SQL Injection
Posted Aug 23, 2009
Authored by Tero Kilkanen

Subdreamer version 2.5.3.2 hotfix#5 suffers from SQL injection vulnerabilities due to the embedding of vulnerable Invision Power Board 2 and phpBB3 modules.

tags | advisory, vulnerability, sql injection
SHA-256 | 7b4bec39033aaebc234421eca70130735ece872362a0900ffd11de68eabd92f9
Mandriva Linux Security Advisory 2009-208
Posted Aug 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-208 - libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read. This update provides a solution to this vulnerability.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2008-4776
SHA-256 | 83a5ca9356239d87e4ee7b67aae57b4f6ad8215675c0a25f01e285653678684e
Cuteflow 2.10.3 Security Bypass
Posted Aug 23, 2009
Authored by Hever Costa Rocha

Cuteflow version 2.10.3 suffers from a remote security bypass vulnerability in edituser.php.

tags | exploit, remote, php, bypass
SHA-256 | 213ac3be579adf6f91dc31e93fe9376ce5dcec4b96c1143c20529091e85969b6
Firefox / Explorer / Chrome Denial Of Service
Posted Aug 23, 2009
Authored by MustLive

A priorly discovered denial of service vulnerability discovered in Mozilla Firefox also appears to affect Microsoft Internet Explorer and Google Chrome.

tags | advisory, denial of service
SHA-256 | 7277b13091eb3553c7da2530db4737b3d0b5253256270e22c23d401ccea3d267
Kaspersky AV/IS 2010 Denial Of Service
Posted Aug 23, 2009
Authored by Maksymilian Arciemowicz | Site securityreason.com

Kaspersky AV/IS 2010 suffers from a denial of service vulnerability in avp.exe.

tags | exploit, denial of service
SHA-256 | 9d63e4708659427d237e63fca4e3def2b651fefaefc21800b2fd8d9caf8dcb21
CA HIPS kmxids.sys Remote Kernel Vulnerability
Posted Aug 23, 2009
Site ivizsecurity.com

CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console. It is possible to trigger faults in the kernel driver (kmxids.sys) used by the protection agent by sending certain malformed IP packets.

tags | advisory, kernel
advisories | CVE-2009-2740
SHA-256 | 23841421c5001f9dc9ee18df624a55e0b47662b59340b4152f572bc4ada45613
Cisco Security Advisory 20090819-fwsm
Posted Aug 23, 2009
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, crafted ICMP messages.

tags | advisory
systems | cisco
advisories | CVE-2009-0638
SHA-256 | 713281e09eed7d4b3cb6bce52be62e03b55db7f8b28a6b682d83aee938aef8b6
Facebook Cross Site Request Forgery
Posted Aug 23, 2009
Authored by Ronen Zilberman | Site quaji.com

Facebook suffered from a cross site request forgery vulnerability.

tags | advisory, csrf
SHA-256 | 7f02ac72318135f6300fd96d932348f416039da38ac4c866eded589974d11a20
Geeklog 1.6.0sr1 File Upload
Posted Aug 23, 2009
Authored by JaL0h

Geeklog version 1.6.0sr1 suffers from an arbitrary remote file upload vulnerability.

tags | exploit, remote, arbitrary, file upload
SHA-256 | be09299269e9a6813b6077f704fb7219ab0d41bc960a28310262b58be41b7be2
OWASP ESAPI XSS Bypass
Posted Aug 23, 2009
Authored by Inferno from Secure Thoughts

A bypass vulnerability exists against the cross site scripting protection in the OWASP ESAPI.

tags | exploit, xss, bypass
SHA-256 | cb7596702d627eb416c2300a8cad6361171854a2fa24054ae30b467069eb6cbb
iDEFENSE Security Advisory 2009-08-11.2
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code as included in various vendors' ActiveX controls, could allow an attacker to execute arbitrary code within Internet Explorer (IE). iDefense has confirmed the existence of this vulnerability inside Microsoft' ATL and MFC. This vulnerability appears to be limited to MFC version 3.0. Any source code compiled with these libraries may also be vulnerable.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2009-2494
SHA-256 | edf512cb6aeb0c9390b72abd37b17a7b330c0d5d4e8ffa3daeb55ff3ca91c23d
ProShow Gold Code Execution
Posted Aug 23, 2009
Authored by SVRT | Site security.bkis.vn

ProShow Gold suffers from buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 381b7ca0a44ec4a671e376d4889f03cd447c48907b253b99e786aa461d1a5789
iDEFENSE Security Advisory 2009-07-28.3
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 07.28.09 - Remote exploitation of an information disclosure vulnerability in Microsoft's ATL/MFC ActiveX template, as included in various vendor's ActiveX controls, allows attackers to read memory contents within Internet Explorer. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL version 9.0. Any source code compiled with these libraries may also be vulnerable. Previous versions may also be affected.

tags | advisory, remote, activex, info disclosure
advisories | CVE-2009-2495
SHA-256 | c267c222d9c34b1a2d7d1db54912e2fbbb444fafe882d61044c1ce0bd64bd46f
iDEFENSE Security Advisory 2009-07-28.2
Posted Aug 23, 2009
Authored by iDefense Labs, Ryan Smith | Site idefense.com

iDefense Security Advisory 07.28.09 - Remote exploitation of a logic flaw vulnerability in Microsoft Corp.'s ATL/MFC ActiveX code, as included in various vendors' ActiveX controls, could allow attackers to bypass ActiveX security mechanisms. iDefense has confirmed the existence of this vulnerability inside Microsoft's ATL and MFC. Although later versions of the ATL/MFC are less vulnerable, certain conditions can trigger the same exploit pattern.

tags | advisory, remote, activex
advisories | CVE-2009-2493
SHA-256 | d87248b69d8604013d1f30ba472eab8230eac08a11208461df8766f80fcdfc2e
iDEFENSE Security Advisory 2009-08-11.1
Posted Aug 23, 2009
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 08.11.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s Office Web Components 2000 could allow an attacker to execute arbitrary code with the privileges of the logged on user. When instantiating a Spreadsheet object, it is possible to pass the object a parameter that refers to an Excel file that will be retrieved and then loaded. By using a long string for the parameter, it is possible to case a stack based buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Office XP Service Pack 3.

tags | advisory, remote, web, overflow, arbitrary
advisories | CVE-2009-1534
SHA-256 | 7e86dfe50c26093d7d93ca00213f5b882ccab246101ee1b9ba9aba393a3b05fa
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close